CVE-2020-11652

saltstack/salt

on github

Published

April 30, 2020

Severity

CVSS v3:

6.5 MEDIUM

CVSS v2:

4 MEDIUM

Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:saltstack:salt::::::::	3000 (including)	3000.2	*
cpe:2.3:a:saltstack:salt::::::::	n/a	2019.2.4	*
cpe:2.3:o:opensuse:leap:15.1:::::::*	n/a	n/a	15.1
cpe:2.3:o:debian:debian_linux:8.0:::::::*	n/a	n/a	8.0
cpe:2.3:o:debian:debian_linux:9.0:::::::*	n/a	n/a	9.0
cpe:2.3:o:debian:debian_linux:10.0:::::::*	n/a	n/a	10.0
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::	n/a	n/a	18.04
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::	n/a	n/a	16.04
cpe:2.3:a:blackberry:workspaces_server:9.1.0:::::::*	n/a	n/a	9.1.0
cpe:2.3:a:blackberry:workspaces_server::::::::	n/a	7.1.3 (including)	*
cpe:2.3:a:blackberry:workspaces_server::::::::	8.0.0 (including)	8.2.6 (including)	*
cpe:2.3:a:vmware:application_remote_collector:8.0.0:::::::*	n/a	n/a	8.0.0
cpe:2.3:a:vmware:application_remote_collector:7.5.0:::::::*	n/a	n/a	7.5.0

External Links

NVD - CVE-2020-11652